package com.woniuxy.base.config;




import com.woniuxy.base.handler.CustomAccessDeniedHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

import javax.annotation.Resource;

/**
 * 作用类似于网关过滤器：哪些URI是可以放行的，哪些是需要登录的
 */
@Configuration
@EnableResourceServer   // 资源服务器
@EnableGlobalMethodSecurity(prePostEnabled = true)  // 开启security的权限注解功能
public class OauthAuthorizationConfig extends ResourceServerConfigurerAdapter {
    // 指定哪些URI需要认证、不需要认证
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/**").permitAll()  // 不需要认证
                .anyRequest().authenticated();  // 需要认证
    }

    @Resource
    private CustomAccessDeniedHandler customAccessDeniedHandler;
    // 异常处理
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // 没权限异常处理
        resources.accessDeniedHandler(customAccessDeniedHandler);
    }
}
